stats: measure time for encryption/decryption

Measure the time for data encryption and decryption with stream and block ciphers. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
rst0git · Jan 17, 2024 · 7c899c6 · 7c899c6
1 parent 7883e38
commit 7c899c6
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 19 deletions.
diff --git a/criu/cr-restore.c b/criu/cr-restore.c
@@ -2601,13 +2601,13 @@ int cr_restore_tasks(void)
 	if (cr_plugin_init(CR_PLUGIN_STAGE__RESTORE))
 		return -1;
 
-	if (tls_initialize_cipher_from_image())
+	if (init_stats(RESTORE_STATS))
 		goto err;
 
-	if (check_img_inventory(/* restore = */ true) < 0)
+	if (tls_initialize_cipher_from_image())
 		goto err;
 
-	if (init_stats(RESTORE_STATS))
+	if (check_img_inventory(/* restore = */ true) < 0)
 		goto err;
 
 	if (lsm_check_opts())

diff --git a/criu/include/stats.h b/criu/include/stats.h
@@ -8,13 +8,19 @@ enum {
 	TIME_MEMWRITE,
 	TIME_IRMAP_RESOLVE,
 
+	TIME_STREAM_CIPHER_ENCRYPTION,
+	TIME_BLOCK_CIPHER_ENCRYPTION,
+
 	DUMP_TIME_NR_STATS,
 };
 
 enum {
 	TIME_FORK,
 	TIME_RESTORE,
 
+	TIME_STREAM_CIPHER_DECRYPTION,
+	TIME_BLOCK_CIPHER_DECRYPTION,
+
 	RESTORE_TIME_NS_STATS,
 };
 

diff --git a/criu/stats.c b/criu/stats.c
@@ -170,6 +170,14 @@ void write_stats(int what)
 		ds_entry.has_irmap_resolve = true;
 		encode_time(TIME_IRMAP_RESOLVE, &ds_entry.irmap_resolve);
 
+		if (opts.encrypt) {
+			ds_entry.has_stream_cipher_encryption_time = true;
+			encode_time(TIME_STREAM_CIPHER_ENCRYPTION, &ds_entry.stream_cipher_encryption_time);
+
+			ds_entry.has_block_cipher_encryption_time = true;
+			encode_time(TIME_BLOCK_CIPHER_ENCRYPTION, &ds_entry.block_cipher_encryption_time);
+		}
+
 		ds_entry.pages_scanned = dstats->counts[CNT_PAGES_SCANNED];
 		ds_entry.pages_skipped_parent = dstats->counts[CNT_PAGES_SKIPPED_PARENT];
 		ds_entry.pages_written = dstats->counts[CNT_PAGES_WRITTEN];
@@ -198,6 +206,14 @@ void write_stats(int what)
 		encode_time(TIME_FORK, &rs_entry.forking_time);
 		encode_time(TIME_RESTORE, &rs_entry.restore_time);
 
+		if (opts.encrypt) {
+			rs_entry.has_stream_cipher_decryption_time = true;
+			encode_time(TIME_STREAM_CIPHER_DECRYPTION, &rs_entry.stream_cipher_decryption_time);
+
+			rs_entry.has_block_cipher_decryption_time = true;
+			encode_time(TIME_BLOCK_CIPHER_DECRYPTION, &rs_entry.block_cipher_decryption_time);
+		}
+
 		name = "restore";
 	} else
 		return;

diff --git a/criu/tls.c b/criu/tls.c
@@ -17,6 +17,7 @@
 #include "protobuf.h"
 #include "cr_options.h"
 #include "xmalloc.h"
+#include "stats.h"
 #include "tls.h"
 
 /* Compatibility with GnuTLS version < 3.5 */
@@ -876,7 +877,7 @@ int write_img_cipher(void)
  */
 int tls_encrypt_data(void *data, size_t data_size, uint8_t *tag_data, uint8_t *nonce_data)
 {
-	int ret;
+	int ret, exit_code = -1;
 	giovec_t iov[1];
 	gnutls_datum_t key;
 	static gnutls_aead_cipher_hd_t handle = NULL;
@@ -886,14 +887,16 @@ int tls_encrypt_data(void *data, size_t data_size, uint8_t *tag_data, uint8_t *n
 	if (!opts.encrypt)
 		return -1;
 
+	timing_start(TIME_STREAM_CIPHER_ENCRYPTION);
+
 	if (handle == NULL) {
 		key.data = token;
 		key.size = gnutls_cipher_get_key_size(stream_cipher_algorithm);
 
 		ret = gnutls_aead_cipher_init(&handle, stream_cipher_algorithm, &key);
 		if (ret < 0) {
 			tls_perror("Failed to initialize cipher", ret);
-			return -1;
+			goto err;
 		}
 	}
 
@@ -904,7 +907,7 @@ int tls_encrypt_data(void *data, size_t data_size, uint8_t *tag_data, uint8_t *n
 	ret = gnutls_rnd(GNUTLS_RND_NONCE, nonce_data, nonce_len);
 	if (ret < 0) {
 		tls_perror("Failed to generate random nonce", ret);
-		return -1;
+		goto err;
 	}
 
 	iov[0].iov_base = data;
@@ -913,10 +916,13 @@ int tls_encrypt_data(void *data, size_t data_size, uint8_t *tag_data, uint8_t *n
 	ret = gnutls_aead_cipher_encryptv2(handle, nonce_data, nonce_len, NULL, 0, iov, 1, tag_data, &tag_size);
 	if (ret < 0) {
 		tls_perror("Failed to encrypt data", ret);
-		return -1;
+		goto err;
 	}
 
-	return 0;
+	exit_code = 0;
+err:
+	timing_stop(TIME_STREAM_CIPHER_ENCRYPTION);
+	return exit_code;
 }
 
 /**
@@ -926,7 +932,7 @@ int tls_encrypt_data(void *data, size_t data_size, uint8_t *tag_data, uint8_t *n
  */
 int tls_decrypt_data(void *data, size_t data_size, uint8_t *tag_data, uint8_t *nonce_data)
 {
-	int ret;
+	int ret, exit_code = -1;
 	giovec_t iov[1];
 	gnutls_datum_t key;
 	gnutls_aead_cipher_hd_t handle = NULL;
@@ -936,10 +942,12 @@ int tls_decrypt_data(void *data, size_t data_size, uint8_t *tag_data, uint8_t *n
 	key.data = token;
 	key.size = gnutls_cipher_get_key_size(stream_cipher_algorithm);
 
+	timing_start(TIME_STREAM_CIPHER_DECRYPTION);
+
 	ret = gnutls_aead_cipher_init(&handle, stream_cipher_algorithm, &key);
 	if (ret < 0) {
 		tls_perror("Failed to initialize cipher", ret);
-		return -1;
+		goto err;
 	}
 
 	iov[0].iov_base = data;
@@ -948,12 +956,14 @@ int tls_decrypt_data(void *data, size_t data_size, uint8_t *tag_data, uint8_t *n
 	ret = gnutls_aead_cipher_decryptv2(handle, nonce_data, nonce_len, NULL, 0, iov, 1, tag_data, tag_size);
 	if (ret < 0) {
 		tls_perror("Failed to decrypt data", ret);
-		return -1;
+		goto err;
 	}
 
+	exit_code = ret;
 	gnutls_aead_cipher_deinit(handle);
-
-	return ret;
+err:
+	timing_stop(TIME_STREAM_CIPHER_DECRYPTION);
+	return exit_code;
 }
 
 /**
@@ -1329,26 +1339,38 @@ int tls_decryption_pipe(int intput_file_fd, int pipe_write_fd)
 
 int tls_block_cipher_encrypt_data(void *ptext, size_t ptext_len)
 {
-	int ret;
+	int ret, exit_code = -1;
+
+	timing_start(TIME_BLOCK_CIPHER_ENCRYPTION);
 
 	ret = gnutls_cipher_encrypt2(block_cipher_handle, ptext, ptext_len, (void *)ptext, ptext_len);
 	if (ret < 0) {
 		tls_perror("Failed to encrypt data", ret);
-		return -1;
+		goto err;
 	}
-	return 0;
+
+	exit_code = 0;
+err:
+	timing_stop(TIME_BLOCK_CIPHER_ENCRYPTION);
+	return exit_code;
 }
 
 int tls_block_cipher_decrypt_data(void *ctext, size_t ctext_len)
 {
-	int ret;
+	int ret, exit_code = -1;
+
+	timing_start(TIME_BLOCK_CIPHER_DECRYPTION);
 
 	ret = gnutls_cipher_decrypt2(block_cipher_handle, ctext, ctext_len, (void *)ctext, ctext_len);
 	if (ret < 0) {
 		tls_perror("Failed to decrypt data", ret);
-		return -1;
+		goto err;
 	}
-	return 0;
+
+	exit_code = 0;
+err:
+	timing_stop(TIME_BLOCK_CIPHER_DECRYPTION);
+	return exit_code;
 }
 
 /**

diff --git a/images/stats.proto b/images/stats.proto
@@ -22,6 +22,9 @@ message dump_stats_entry {
 	optional uint64			shpages_scanned		= 12;
 	optional uint64			shpages_skipped_parent	= 13;
 	optional uint64			shpages_written		= 14;
+
+	optional uint32			stream_cipher_encryption_time	= 15;
+	optional uint32			block_cipher_encryption_time	= 16;
 }
 
 message restore_stats_entry {
@@ -32,6 +35,9 @@ message restore_stats_entry {
 	required uint32			restore_time		= 4;
 
 	optional uint64			pages_restored		= 5;
+
+	optional uint32			stream_cipher_decryption_time	= 6;
+	optional uint32			block_cipher_decryption_time	= 7;
 }
 
 message stats_entry {